Mandate of the Communications Security Establishment Commissioner

My mandate under the National Defence Act is:

  1. to review activities of CSE to determine whether they comply with the law;
  2. to undertake any investigation I deem necessary in response to a written complaint; and
  3. to inform the Minister of National Defence (who is accountable to Parliament for CSE) and the Attorney General of Canada of any CSE activities that I believe may not be in compliance with the law.

Under the Security of Information Act, I also have a mandate to receive information from persons who are permanently bound to secrecy if they believe it is in the public interest to release special operational information of CSE.

CSE's mandate

When the Anti-terrorism Act, 2001 came into effect on December 24, 2001, it added Part V.1 to the National Defence Act, and set out CSE's three-part mandate:

  • part (a) authorizes CSE to acquire and use foreign signals intelligence in accordance with the Government of Canada's intelligence priorities;
  • part (b) authorizes CSE to help protect electronic information and information infrastructures of importance to the Government of Canada; and
  • part (c) authorizes CSE to provide technical and operational assistance to federal law enforcement and security agencies, including helping them obtain and understand communications collected under those agencies' own lawful authorities.

With the emphasis on reviewing the lawfulness of CSE activities and the protection of the privacy of Canadians, the National Defence Act requires that the CSE Commissioner be a supernumerary or retired judge of a superior court.

To carry out my mandate, the National Defence Act provides me:

To be effective, reviewers need specialized expertise to be able to understand the technical, legal and privacy aspects of CSE activities. They also need security clearances at the level required to examine CSE records and systems. They are bound by the Security of Information Act and cannot divulge to unauthorized persons the specific information they access.

Annex A contains the text of the relevant sections of the National Defence Act and the Security of Information Act relating to my role and mandate as CSE Commissioner.

Our approach

The purpose of my review mandate is:

Protection of Canadians' privacy

By law, CSE is prohibited from directing its foreign signals intelligence collection and IT security activities at Canadians – wherever they might be in the world – or at any person in Canada. My review of CSE activities includes determining whether CSE, in its use and retention of collected information, takes satisfactory measures to protect every Canadian's reasonable expectation of privacy. I examine CSE use, disclosure and retention of private communications. I verify that Canadian identity information is protected and only shared with authorized partners when needed for understanding foreign signals intelligence or IT security information. I also verify that metadata is used only to understand the global information infrastructure, to obtain foreign intelligence or to protect cyber systems, but not to obtain information about a Canadian.

Using a variety of methods, we are continuously conducting reviews of:

Each review includes an assessment of CSE activities against a standard set of criteria:

Reporting on findings

The results of individual reviews are the subject of classified reports to the Minister of National Defence. My classified review reports document CSE activities, contain findings relating to the review criteria, and disclose the nature and significance of any deviations from the criteria. Where and when appropriate, I make recommendations to the Minister of National Defence aimed at improving privacy protections or correcting discrepancies between CSE activities and my expectations, based on standard criteria.

The reports are free of any interference by CSE or any Minister. I determine the content of my reports, which are based on facts and conclusions drawn from those facts. Following the standard audit practice of disclosure, I present draft versions of review reports to CSE for confirmation of factual accuracy. This is essential to the review process given that my recommendations are based on the facts as uncovered in my reviews.

The Commissioner's annual report for Parliament is a public document. CSE reviews the draft to verify that it does not contain any classified information that may contravene the Security of Information Act. In the interest of transparency and better public understanding, I push the limits to include as much information as possible in my report. The report is provided to the Minister of National Defence who must by law table it in Parliament.

As a further step toward openness within a stringent security framework, my office publishes on our website the titles of all review reports submitted to the Minister of National Defence (with any classified information removed) – 90 to date – to demonstrate the depth and breadth of Commissioners' reviews.

The logic model in Annex B provides a flow chart of the review program.

Date modified: